Using Shared Security Databases - Red Hat CERTIFICATE SYSTEM 8.0 - MANAGING SMART CARDS WITH THE ENTERPRISE SECURITY CLIENT 1-23-2010 Manual

Chapter 6. Configuring the Enterprise Security Client
Blank tokens are unformatted, so they do not have an existing Phone Home URL, and
the URL must be set manually. Formatted tokens (tokens can be formatted by the
manufacturer or by your IT department) already have the URL set, so the client does
not prompt for the Phone Home URL.
c. Fill in the new TPS URL with the SSL port information. For example:
https://server.example.com:7890/cgi-bin/home/index.cgi
d. Click the Test button to send a message to the TPS.
e. If the request is successful, the client opens a dialog box saying that the Phone Home URL
was successfully obtained.

6.3. Using Shared Security Databases

The Enterprise Security Client usually creates a new NSS security database for keys and certificates
for each user profile associated with the Enterprise Security Client. Whenever a user imports or trusts
a certificate for the Enterprise Security Client to use, it is imported into that NSS database for that
profile. (This is similar to the way that web browsers have different user profiles with different security
databases, password stores, and bookmarks for each profile.)

Multiple Enterprise Security Client users may all use the client on a single machine.
In that case, it makes sense to have a common, shared security database that is
trusted by the Enterprise Security Client in addition to the user profile databases. That shared security
database contains certificates that are held in common by all users, such as the CA signing certificate
used by the TPS.

A shared security database is not configured by default. To configure one:
1. Stop the Enterprise Security Client.
2. Create the security database directory and the databases that will be shared. Before configuring
   the Enterprise Security Client, the databases must exist, be readable by the client, and contain the
   certificates that will be used by the client.
   NSS databases can be created using the certutil command. See the certutil
   documentation, such as http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html, for more
   information.
3. Open the esc-prefs.js file.
       vim /usr/lib/esc-1.1.0/defaults/preferences/esc-prefs.js
4. Add the esc.global.alt.nss.db parameter, pointing to the directory which contains the
   shared database. For example, with a Windows path:
       pref("esc.global.alt.nss.db", "C:/Documents and Settings/All Users/common_db");
5. When the Enterprise Security Client is restarted, the configuration changes will be applied.
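
The following shell function is an added example, not part of the Red Hat manual: a pre-flight check to run as one of the Enterprise Security Client users before restarting the client in step 5. It assumes the standard NSS database file names; the function name check_shared_db and the world-writable check are additions that the manual does not specify.

```shell
#!/bin/sh
# Added example: pre-flight check for the shared-database procedure above.
# Assumed NSS file names: cert8.db/key3.db/secmod.db (legacy format) or
# cert9.db/key4.db/pkcs11.txt (SQLite format).

# Usage: check_shared_db DB_DIR PREFS_FILE   (run as one of the ESC users)
# Prints each problem found; returns 0 only when none are found.
check_shared_db() {
    db_dir=$1; prefs=$2; rc=0
    if [ ! -d "$db_dir" ]; then
        echo "FAIL: $db_dir is not a directory"; return 1
    fi
    # The presence of cert9.db selects the SQLite file set.
    if [ -f "$db_dir/cert9.db" ]; then
        files="cert9.db key4.db pkcs11.txt"
    else
        files="cert8.db key3.db secmod.db"
    fi
    # Step 2: the databases must exist and be readable by the client.
    for f in $files; do
        p="$db_dir/$f"
        if [ ! -f "$p" ]; then
            echo "FAIL: $p does not exist"; rc=1
        elif [ ! -r "$p" ]; then
            echo "FAIL: $p is not readable by $(id -un)"; rc=1
        fi
    done
    # Hardening check added here (not in the manual): anything in the shared
    # directory that is world-writable lets any local user change which CAs
    # every ESC profile trusts.
    loose=$(find "$db_dir" ! -type l -perm -002 -print)
    if [ -n "$loose" ]; then
        echo "FAIL: world-writable: $loose"; rc=1
    fi
    # Step 4: an uncommented pref line must point at this directory.
    configured=$(grep -v '^[[:space:]]*//' "$prefs" 2>/dev/null |
        sed -n 's/.*"esc\.global\.alt\.nss\.db"[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p' |
        tail -n 1)
    if [ "$configured" != "$db_dir" ]; then
        echo "FAIL: esc.global.alt.nss.db is '$configured', expected '$db_dir'"; rc=1
    fi
    return $rc
}
```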